I got brought in on this by someone who hit my Gtalk on my phone at 4:30a to let me know that the world was coming to an end -- more or less.

In the last couple hours we've sorted out a lot and the deal is, in the new Droid X OTA it appears that they have replaced the entire HAB chain from the mbmloader (the loader for the boot loader) on forward. The keys that were used to sign the prior HAB components are no longer trusted by the new HAB components. What that means is that if you take the current OTA, and then subsequently use an SBF (or any other method) to replace a signed code group (which is just about every code group on a DX) that signature will not be valid and the boot process will halt when that CG is encountered. Since pretty much every SBF contains the "boot" and "recovery" code group, as well as the very-critical "CDT" code group, this means if you apply an SBF to your OTA'd phone (that is now running the 30.03 bootloader) your phone is toast. But not permanently.

In the above scenario you will still be running the new mbmloader (GC63) and mbm (CG30), so as long as you put code groups back on that are signed with the new signatures, you'll be back in business. None of the prior SBFs are going to help you -- they are invalid as of this OTA.

I'm sure Verizon is expecting this and has the 2.3.13 SBF standing by in the retail stores so they can flash you back to stock and get you working again (and give you the evil eye when you lie about how your phone got this way -- because I'm sure they have been warned about this happening in advance).

That's all for now. Hopefully this helps avoid too much unnecessary confusion, so you can just concentrate on dealing with the necessary confusion.

Oh, and to all the people who mocked when the idea of a hostile bootloader via OTA came up in the Droid 1 topic, well...
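
The behaviour described in the post above, as an added example that is not part of the original post or any vendor code: a toy model of a signed boot chain in which the loader trusts only the new key, so code groups from an older SBF halt the boot until newly signed ones are flashed back. The keys, image contents and verification order are constructed, and HMAC-SHA256 stands in for the real signature scheme.

```python
import hashlib
import hmac

# Constructed keys. Real HAB uses asymmetric signatures; HMAC-SHA256 is a
# stand-in so this runs on the standard library alone.
OLD_KEY = b"constructed-pre-OTA-signing-key"
NEW_KEY = b"constructed-post-OTA-signing-key"
CG_ORDER = ["CDT", "boot", "recovery"]  # verification order is an assumption


def sign(key, image):
    return hmac.new(key, image, hashlib.sha256).digest()


def build_package(key, tag):
    """Build a constructed set of code groups, all signed with `key`."""
    package = []
    for name in CG_ORDER:
        image = f"{name}-image-{tag}".encode()
        package.append({"name": name, "image": image, "sig": sign(key, image)})
    return package


def flash(device, package):
    """Overwrite same-named code groups on the device with the package's."""
    incoming = {cg["name"]: cg for cg in package}
    return [incoming.get(cg["name"], cg) for cg in device]


def boot(trusted_key, device):
    """Check each code group in order and halt at the first bad signature.

    Returns (booted, name of the code group that halted boot or None).
    """
    for cg in device:
        expected = sign(trusted_key, cg["image"])
        if not hmac.compare_digest(expected, cg["sig"]):
            return (False, cg["name"])
    return (True, None)


def scenario():
    """Replay the post's sequence; the loader trusts only NEW_KEY after OTA."""
    after_ota = build_package(NEW_KEY, "ota")
    after_old_sbf = flash(after_ota, build_package(OLD_KEY, "old-sbf"))
    after_new_sbf = flash(after_old_sbf, build_package(NEW_KEY, "new-sbf"))
    return [boot(NEW_KEY, d) for d in (after_ota, after_old_sbf, after_new_sbf)]


if __name__ == "__main__":
    print(scenario())
```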

Another example of why x users will never truly have a custom rom. Now they must wait for another sbf leak if they want a "custom" froyo. It sucks that motorola/verizon is doing this but that's how it is.

Doesn't this pretty much make the "custom" roms that are out there useless or are they not affected (provided you never upgrade to froyo...which is dumb).

I guess the moral of this story is, if you're going to use a phone that's not wide open, be sure to set it so it can't receive OTA and don't apply the OTA until the "early adopters" do.

The second moral is that unfortunately devs will never defeat a locked bootloader no matter how awesome they think their "hacking" skills are haha

If someone does crack it (which no one ever will) moto will just ota different keys and you won't get gingerbread or any other kernel upgrade until you apply the ota...effectively making your previous work useless. And once the x reaches eol, your phone becomes obsolete more or less.

I guess the moral of this story is, if you're going to use a phone that's not wide open, be sure to set it so it can't receive OTA and don't apply the OTA until the "early adopters" do.

The second moral is that unfortunately devs will never defeat a locked bootloader no matter how awesome they think their "hacking" skills are haha

If someone does crack it (which no one ever will) moto will just ota different keys and you won't get gingerbread or any other kernel upgrade until you apply the ota...effectively making your previous work useless. And once the x reaches eol, your phone becomes obsolete more or less.

I love my d1 haha.

Pessimist much?

pes·si·mism n. 1. A tendency to stress the negative or unfavorable or to take the gloomiest possible view: "We have seen too much defeatism, too much pessimism, too much of a negative approach" (Margo Jones).

Dude! I should write your name down just to look you up when it IS unlocked (because it WILL be) just to come tell you HA! when it happens!

If someone does crack it (which no one ever will) moto will just ota different keys and you won't get gingerbread or any other kernel upgrade until you apply the ota...effectively making your previous work useless. And once the x reaches eol, your phone becomes obsolete more or less.

Nah - if the HAB is disabled you can just take the gingerbread OTA, remove the parts you don't want (new bootloader, etc.) and stick it on your phone since your phone won't be checking signatures. No problemo.

I'm not too knowledgeable when it comes to bootloaders and such, nor do I own an X, but wasn't Apple ruled against for this sort of thing in court after there was talk (not sure if they did it) about releasing updates that would brick a device?

Out of curiosity, could something like this fall under this category, or is changing the keys for the HAB something that is more a normal practice and likely wouldn't be considered "malicious code" that could brick a device (even if it is fixable)?

If someone does crack it (which no one ever will) moto will just ota different keys and you won't get gingerbread or any other kernel upgrade until you apply the ota...effectively making your previous work useless. And once the x reaches eol, your phone becomes obsolete more or less.

Nah - if the HAB is disabled you can just take the gingerbread OTA, remove the parts you don't want (new bootloader, etc.) and stick it on your phone since your phone won't be checking signatures. No problemo.

If this is the case then who cares about bootloaders haha. That's awesome news if it's true that you can just remove parts of the OTA. So I don't get why people make a big deal about it. Ignore the locked bootloader and just remove parts. Is it simple to disable the HAB? Or does disabling it require cracking at least one bootloader version? If so...not gonna happen. Brute force is out of the question...and I might be a pessimist but also a realist. I highly doubt it'll be an obscure group of Android "hackers" who crack encryption like that.